Phishing

Published on Nov 15, 2015

Abstract

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes.

There are many variations on this scheme. It is possible to Phish for other information in additions to usernames and passwords such as credit card numbers, bank account numbers, social security numbers and mothers' maiden names. Phishing presents direct risks through the use of stolen credentials and indirect risk to institutions that conduct business on line through erosion of customer confidence. The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss

PHISHING TECHNIQUES

Phishers use a wide variety of techniques, with one common thread.

Link Manipulation

Most methods of Phishing use some form of technical deception designed to make a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by Phishers. In the following example, https://www.yourbank.example.com/ , it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the " yourbank " (i.e. Phishing) section of the example website.

An old method of spoofing used links containing the ' @ ' symbol, originally intended as a way to include a username and password. For example, https://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com , whereas it actually directs the browser to a page on members.tripod.com , using a username of www.google.com : the page opens normally, regardless of the username supplied.

Filter Evasion

Phishers have used images instead of text to make it harder for anti-Phishing filters to detect text commonly used in Phishing e-mails.

Website Forgery

Once a victim visits the Phishing website the deception is not over. Some Phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.

Phone Phishing

Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the Phishers) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice Phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.